Privacy Policy

Information We Collect

Kelola Pesan collects data needed to provide workspace messaging, contact segmentation, automation, broadcast, number validation, attachment, and social media integration features.

• Account and access data, such as username, license code, tenant ID, workspace license, agency license, session cookie, language preference, and theme preference.
• WhatsApp workspace data, such as workspace name, label, WhatsApp number, connection status, external session ID, connection time, session metadata, and error records.
• Contact and segmentation data, such as contact name, phone number, email, group ID, custom fields, contact list name, and import data.
• WhatsApp chat data, such as chat ID, sender name, sender number, message content, message direction, message status, message time, last message preview, and unread count.
• Automation and broadcast data, such as keywords, auto reply rules, automated message content, schedules, recipients, queue status, and error logs.
• Attachment data, such as original file name, stored file name, MIME type, file size, storage key, and attachment kind.
• Number validation data, such as raw number input, normalized number, validation status, and validation job result.
• External API key data, such as key ID, key prefix, secret hash, encrypted key, status, and last used time.
• Instagram data, such as Instagram user ID, username, display name, profile picture URL, encrypted access token, token expiry, permissions, connection status, media ID, caption, permalink, comment ID, commenter ID, commenter username, comment text, webhook payload, private reply message, external message ID, and reply status.
• Admin data, such as admin email, admin name, password hash, last login, admin WhatsApp connection, admin broadcast, notification templates, and workspace policy settings.

Data Sources

• Data entered directly by users or Kelola Pesan administrators.
• Data imported from files, contact lists, or WhatsApp chats connected to a workspace.
• Data received from the internal WhatsApp service for sessions, inbox, broadcast, and automation.
• Data received from Meta or Instagram APIs when a user connects Instagram and enables comments, DMs, or private replies.
• Technical data generated by the system, such as sessions, job status, timestamps, and error logs.

How We Use Data

• To verify user access by tenant, license, agency, and workspace.
• To run chat dashboards, segmentation, contact imports, blasts, sequences, auto reply bots, number validation, attachments, and session monitoring.
• To connect Instagram accounts to workspaces, store tokens securely, subscribe to Meta webhooks, read media, receive comment or DM events, and send private replies based on user-created automations.
• To prevent duplicate message sending, keep job idempotency, record statuses, and support troubleshooting.
• To provide admin features, notifications, admin broadcasts, connection policies, and watermark settings.
• To protect application security, audit access, investigate errors, and comply with third-party platform policies.

Storage and Security

Kelola Pesan uses tenant and workspace separation to limit data access. Instagram access tokens and API keys are stored encrypted or hashed as appropriate. Admin passwords are stored as hashes, not plain text.

Access is limited by tenant, license, agency, and workspace scope. No system is completely risk-free, so users must also protect login access, license codes, and devices.

Sharing Data with Third Parties

Kelola Pesan does not sell user data. Data may be processed by infrastructure, database, storage, logging, WhatsApp service, Meta or Instagram API, and other technical providers needed to run the service.

We may disclose data if required by law, competent authority requests, or to protect the safety of the service and users.

Data Retention

Data is retained while the workspace, account, or integration remains active, or as long as needed to provide the service. Deleted data may be marked deleted, permanently removed, or anonymized depending on the data type and operational needs.

Some data may be kept temporarily for security, audit, dispute resolution, legal obligations, billing, or backup purposes.

User Rights

• Request access to data related to a workspace or integration.
• Request correction of inaccurate data.
• Disconnect Instagram or WhatsApp integrations.
• Request deletion of certain data according to the Data Deletion page.
• Contact Kelola Pesan for privacy and data use questions.

Policy Changes

This policy may be updated from time to time to reflect feature, regulatory, security, or third-party platform policy changes. The latest version will be available on this page.